Alexander: Defending Against Cyberattacks Requires Collaboration

By Cheryl Pellerin

American Forces Press Service

WASHINGTON, Oct. 30, 2013 – Catastrophic cyberattacks loom in the nation’s future, and only collaboration among government agencies, Internet service providers and U.S. allies worldwide can help citizens prepare for them, the commander of U.S. Cyber Command said this afternoon.

Army Gen. Keith B. Alexander, who also serves as director of the National Security Agency, delivered the keynote address to senior government security officials and industry executives attending a cybersecurity conference.

“Over the last 14 months, we’ve seen over 350 distributed-denial-of-service attacks on Wall Street, with varying levels of success. In August 2012, the whole world saw a destructive attack on Saudi Aramco’s computer systems that … wiped out the data on over 30,000 systems,” Alexander said.

The general asked the audience to imagine if that attack had hit Wall Street and to consider the impact it would have on the nation’s finances and the global financial structure.

“Those types of catastrophic attacks are in our future,” the general said. “We have to prepare for them. This is something the government cannot do by itself -- this is something government, industry and our allies have to work [on] together.”

Alexander said the partnership must start with legislation that allows Internet service providers such as those who have large financial industry clients on Wall Street to tell government law enforcement agencies exactly when a cyberattack is happening so it can be stopped.

“We need a way for industry to tell us when there’s an attack going on,” he said. “The chances of us seeing it in time to do something about it are very small, especially for a destructive attack.”

Alexander likened the way such a process would work to the way the E-ZPass electronic toll collection system scans cars on the highway to collect tolls. In the case of Internet traffic, the Internet service provider would scan network packets to see if they are good or bad, he explained.

If a bad packet is coming into Wall Street, Internet service providers would see that, he said, and could tip off the FBI, the Department of Homeland Security, the National Security Agency or U.S. Cyber Command about the bad packet, including where it’s going and where it’s coming from, at network speed.

“That’s the key,” Alexander said. “In order to respond to these types of threats, we need that information at network speed, and we’ve got to come up with the rules and the operational concepts to actually work at network speed if we’re going to stop some of these attacks.”

Some questions remain about how the process would work, he added.

“How do we scan traffic to know that it’s good to go in such a way that we protect our civil liberties and privacy and insure it’s not something that’s going to destroy our financial networks?” he asked. Our thoughts are that this is where government and industry can work together.

“We don’t need the contents of the packet,” he continued. “We don’t need to know anything more than it’s a bad packet and it came from Point A and it’s going to Point B. But for industry to provide us that information, we need legislation.”

Five areas are most important to the Cyber Command and NSA missions, the general told the audience. First, and perhaps most important, is to have a trained and ready force, he said.

“If you don’t have that and if [the cyber warriors] aren’t trained to the right level,” Alexander said, “they will never detect the threats that are going on in our networks.”

Second is to have operational concepts and command and control, the general said, defining that as Team Cyber, or the integration of NSA and Cyber Command as a team alongside the Department of Homeland Security and the FBI.

“We have a team and a concept that says if an attack is happening on Wall Street, we have to know how we’re going to work it,” he said. “NSA and Cyber Command do not respond inside the United States; that’s the role of the FBI. Outside, we work with our allies; that’s where NSA and Cyber Command come in. The operational concept says how we stop an attack and how we tell the right authorities what’s coming.”

Third is to have a defensible architecture, he said, using the Defense Department’s networks to explain the problem.

“Within the Defense Department we have 15,000 enclaves, each with different system administrators, each with their own firewalls, and each presenting a potential vulnerability if they’re not patched at the same time,” Alexander explained.

Having 15,000 groups of people trying to patch a network at the same time is problematic, he said.

“Somebody’s going to make a mistake, and … in cyberspace that means an adversary has a good probability of getting access to our network,” he said. “It’s the same thing for industry. How are we going to fix it? This is where the thin virtual cloud comes in.”

Such problems must be addressed at network speed “if we’re ever going to get out in front of this,” he added.

The fourth area is shared situational awareness in cyberspace, or how cyberspace is seen.

“Today, when somebody talks about an attack into your network, ask them to draw you a picture,” Alexander said. The issue, he added, is that if someone can’t describe what’s happening in cyberspace so that every decision maker understands it, how can they respond?

“We need shared situational awareness in cyberspace. We’re working that -- we call it the cyber common operational picture -- but we also have to have that shared space with industry,” Alexander said. “That’s one of the key things that industry and government have to work on together. How do we see the threats?”

Seeing good airplanes and bad airplanes coming in requires that they be sorted out, Alexander said. “We do that for air defense,” he added. “How do we do it for cyber defense, and how do we share it with our allies? That’s a key issue we have to address in solving some of the problems coming up.”

The fifth area is authorities, he said.

“The secretary of defense and the president are the policymakers, and it’s their decision on when we act and when we don’t act,” Alexander said. “But we have to set up some of the authorities -- what we’ll call the rules of the road.”

From a military perspective, these are the rules of engagement, he said, “and we are actually working that with the Defense Department, the White House and others. … But those, I think, absolutely should be on the table, and they should be transparent.”